Addresscloud Ltd

Addresscloud Match & Geocoding API

Addresscloud Match is a leading cloud-hosted address matching and geocoding API. It has been designed to work with OS AddressBase & OSNI Pointer data to return a UPRN and coordinates and works especially well for poor quality addresses.


  • Easy to integrate (REST service)
  • Highly scalable (to 100s of transactions per second)
  • Highly available (99.9% uptime guarantee)
  • Fully managed data updates (5 day SLA)
  • Single string queries, no fixed schema required
  • Excellent match rates (98% + for residential addresses)
  • Fuzzy matching, can correct typos and incorrect postcodes
  • OS AddressBase, OSNI Pointer and Eircode all supported


  • Match even poor quality addresses to rooftop coordinates and UPRN
  • Cleanse, standardised and deduplicate address records
  • No need to manage and process raw OS data
  • Fully hosted, save IT infrastructure costs
  • Geocoding and reverse geocoding supported
  • Supports OSMA, PSMA and NIMA


£0.02 a transaction

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

5 4 5 9 0 4 4 9 1 5 5 7 4 4 5


Addresscloud Ltd Mark Varley
Telephone: +44 1793 238930

Service scope

Software add-on or extension
Cloud deployment model
Public cloud
Service constraints
System requirements
  • No third party software licences required
  • Compatible with any programming language that supports REST

User support

Email or online ticketing support
Email or online ticketing
Support response times
Technical support is available to all customers through 9am to 5pm Monday to Friday and we respond to all tickets within 1 working day. Telephone and out of hours support including 24/7 is available for an additional cost.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Onsite support
Yes, at extra cost
Support levels
Email support is available to all customers Monday to Friday 9am to 5pm UK time (excluding public holidays). Telephone and out of hours support up to 24/7 is available at additional cost dependent on requirements. All customers will have access to their account manager.
Support available to third parties

Onboarding and offboarding

Getting started
Users are provided with instructions and samples (we recommend Postman) to enable them to quickly get started with the API. We also provide getting started and training videos. Onsite and face-to-face web training are available on request.
Service documentation
Documentation formats
End-of-contract data extraction
We do not store any customer data as part of the Address Match API
End-of-contract process
The API key is disabled and the service is no longer accessible

Using the service

Web browser interface
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
Service interface
What users can and can't do using the API
The API is used for matching addresses, users are supplied with an API key and Client ID which must be used for authenticating to the service. The API cannot be used for setting up or managing users, this is done by the Addresscloud support team.
API documentation
API documentation formats
API sandbox or test environment
Customisation available
Description of customisation
The datasets used can be customised by Addresscloud support agents to return certain attributes.


Independence of resources
All Addresscloud services are fully performance tested and capacity is actively managed to ensure there is sufficient availability if resources for all customers. We employ serverless architectures and managed services wherever possible for our services and provide a full SLA including maximum response times.


Service usage metrics
Metrics types
We record service metrics on the number of calls to the API, average latency, match rates, transactions per second, calls per dataset, locations of matched addresses
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
We do not store any customer data in the Addresscloud Match API
Data export formats
Other data export formats
Data import formats
Other data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
All Addresscloud services are covered by a 99.9% uptime guarantee and we do not schedule downtime or maintenance windows. Service credits are offered when the Service is unavailable for periods of 30 minutes or more in any calendar month. You will have one day of your monthly service fee credited to your account if the total outage period in a month is 30 minutes or more and an additional day for each additional 30 minutes of downtime up to 50% of your monthly hosting fee.
Approach to resilience
The Addresscloud Match API supports many commercial applications including online insurance quotation engines where 24/7 uptime is critical. We have designed and built a cloud-first architecture following best practices of our cloud partner AWS. Our application layer uses serverless technology to ensure we are always on and we use AWS managed database services that are replicated over 3 data centres for high availability. All services are fully monitored and an engineer is on call 24/7 to respond to any automated alerts.
Outage reporting
We provide a public status page at which provides real-time updates and a dashboard showing the current health of all Addresscloud services. Customers may signup for email alerts from the status page.

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Addresscloud uses two separate thrid-party services to manage user access to its customer-facing applications and internal tools (who conform to standards incl. ISO 27001:2013, 27018:2014). Management interfaces and support channels are only accessible by Addresscloud employees, and require secure passwords and 2FA. These requirements are documented in our Security Best Practices document.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

Access to user activity audit information
Users receive audit information on a regular basis
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Security is a central tenet of Addresscloud's service and is considered company-wide, supported by a detailed best-practices document and policies available to all staff. Security is the remit of the CTO who has responsibility for reporting on security matters to the board. Security issues can be raised by any staff or executive member at any time, and can be discussed company-wide during the weekly stand-up where suitable. Reporting lines, and timings for regular reviews of security policies and procedures are clearly documented in the company handbook.
Information security policies and processes
As a distributed, data-centric company, Addresscloud uses a Zero-trust approach to securing its infrastructure and services. In this way, working at the individual level, the company uses a principal of least possible level of access, which along with Zero-trust mean that all employee interactions with Addresscloud services are authenticated and authorized using an approved method.

Addresscloud's security practices are described in a suite of nine policies, which are broadly divided into three categories; data, services, and individuals. Data policies, including Data Protection and Security are formed around a Data Classification Policy which drives policy implementation of who, and what has access to Addresscloud's data, and how it is accessed. Services cover how Addresscloud secures its customer-facing applications using industry standards, and falls within the remit of Software Engineering. Policies for Individuals detail how Addresscloud employees can interact with Addresscloud systems (adhering to principals of zero trust), including levels of responsibly and methods of reporting and communicating security issues at all levels.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Addresscloud uses an Infrastructure As Code (IAC) approach for managing infrastructure, which is revision controlled alongside the services' software. This enables fine-grained change management of both infrastructure and software changes, including a log of change request and approval for audit processes. Changes are discussed with, and approved by senior management prior to deployment. Addresscloud operates multiple separate environments for development, user-acceptance testing and production services, so that changes can be tested internally and by customers prior to production deployments.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Threat intelligence, including vulnerability details, are evaluated against each layer of the Addresscloud infrastructure. Addresscloud uses a serverless architecture, with virtual and physical machines managed and patched in real-time by our service provider. Intelligence is regularly monitored and gathered from relevant publications including NCSC advisories.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Potential compromises may be detected by our automated monitoring systems detecting unusual traffic patterns, by a staff member, or by a customer. Breach indicators are listed in our Cyber Security Incident Policy. The CTO is responsible for coordinating response to potential compromises; identifying what has happened, what is affected, remediation steps, internal feedback for future improvements. Addresscloud responds to incidents on day of notification, with a resolution target of 24 hours.
Incident management type
Supplier-defined controls
Incident management approach
Addresscloud's incident management process is documented in its Cyber Security Incident Policy. Users report incidents to the technical incident response team (documented in Policy). Incident reports are provided by the CTO back to the company in form of verbal description in first-instance, and then written report to be distributed internally and to customers if required.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks


£0.02 a transaction
Discount for educational organisations
Free trial available
Description of free trial
We provide a free non-commercial trial of up to 100 transactions up to 30 days. Longer trials are available on request

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Tell them what format you need. It will help if you say what assistive technology you use.